Common Criteria for Information Technology Security Evaluation

What Does Common Criteria for Information Technology Security Evaluation Mean?

The Common Criteria for Information Technology Security Evaluation (CC) is an international standard based on computer security product and system evaluations. CC provides guidance on required functionality and assurance for security-related products and other items in a specific environment. CC evaluations are conducted for product consumers, users, technology developers and evaluators.

Advertisements

CC is also known as ISO/IEC 15408.

Techopedia Explains Common Criteria for Information Technology Security Evaluation

A CC evaluation is performed on a Target of Evaluation (TOE), including separate or combined hardware, firmware and software. Not always a full IT product, a TOE may be a newly developed item or consolidated package and configured as follows:

  • Software application only
  • OS only
  • Software application and OS
  • Software application, OS and workstation
  • OS and workstation
  • Smart card integrated circuit only
  • Cryptographic coprocessor only (a smart card integrated circuit component)
  • Local area network (LAN), including terminals, network equipment, software and servers
  • Database application only (without remote client software)

A TOE may take the form of a configuration management system file list, master copy, packaged CD-ROM/customer user manual or previously installed and operational state.

A CC has three components:

  • General CC/TOE model and introduction: Provides a basic TOE evaluation outline
  • Security function component section: Relates common IT product and technology security requirements
  • Security assurance component section: Relates common IT product and technology assurance requirements
Advertisements

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Featured Content

Traders Think This Gaming Token Could Explode 10X For its Daily Passive Income Offer Up to 10000 USDT

Alan Draper12 years
dummy_img
Artificial Intelligence

Meta’s SeamlessM4T: One Step Closer to Universal Language Translation

Dr. Tehseen Zia12 years
dummy_img
Blockchain

Can Global Cooperation Achieve Consistent Stablecoin Regulation?

Iliana Mavrou12 yearsCrypto Writer
dummy_img
Blockchain

Is Polygon’s POL Upgrade The Future Of Multi-Chain Staking?

John Isige12 yearsCrypto Writer
dummy_img
Featured Content

Chimpzee Continues To Wow Crypto Community With Charity Events, Presale Heating Up

Alan Draper12 yearsEditor-in-Chief
dummy_img
Artificial Intelligence

The Future of Dark AI Tools: What to Expect Next?

Tim Keary12 yearsTechnology Expert

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
Trading
Trading
VoIP
VoIP
VPN
VPN